diff options
| -rwxr-xr-x | debian/autobake-deb.sh | 6 | ||||
| -rwxr-xr-x | debian/rules | 5 | ||||
| -rw-r--r-- | mysql-test/main/openssl_1.result | 72 | ||||
| -rw-r--r-- | mysql-test/main/openssl_1.test | 91 | ||||
| -rw-r--r-- | mysql-test/main/ssl.result | 5 | ||||
| -rw-r--r-- | mysql-test/main/ssl.test | 5 | ||||
| -rw-r--r-- | mysql-test/main/ssl_cert_verify.test | 2 | ||||
| -rw-r--r-- | mysql-test/main/ssl_cipher-master.opt | 1 | ||||
| -rw-r--r-- | mysql-test/main/ssl_cipher.result | 63 | ||||
| -rw-r--r-- | mysql-test/main/ssl_cipher.test | 110 | ||||
| -rw-r--r-- | mysql-test/suite.pm | 5 | ||||
| -rw-r--r-- | mysql-test/suite/funcs_1/r/is_check_constraint.result | 121 | ||||
| -rw-r--r-- | mysql-test/suite/funcs_1/t/is_check_constraint.test | 92 |
13 files changed, 410 insertions, 168 deletions
diff --git a/debian/autobake-deb.sh b/debian/autobake-deb.sh index 6f859aa01ef..93d2b695397 100755 --- a/debian/autobake-deb.sh +++ b/debian/autobake-deb.sh @@ -124,6 +124,12 @@ EOF sed -i -e "/-DPLUGIN_AWS_KEY_MANAGEMENT=NO/d" debian/rules fi +# Don't build cassandra package if thrift is not installed +if [[ ! -f /usr/local/include/thrift/Thrift.h && ! -f /usr/include/thrift/Thrift.h ]] +then + sed '/Package: mariadb-plugin-cassandra/,/^$/d' -i debian/control +fi + # Mroonga, TokuDB never built on Travis CI anyway, see build flags above if [[ $TRAVIS ]] then diff --git a/debian/rules b/debian/rules index c3252fb585e..93bfe01e55e 100755 --- a/debian/rules +++ b/debian/rules @@ -114,11 +114,6 @@ override_dh_auto_install: dh_testdir dh_testroot - # If libthrift-dev was available (manually installed, as it is - # not in Debian) and ha_cassandra.so was thus built, create package, - # otherwise skip it. - [ -f $(BUILDDIR)/storage/cassandra/ha_cassandra.so ] || sed -i -e "/Package: mariadb-plugin-cassandra/,+20d" debian/control - ifneq (,$(filter linux,$(DEB_HOST_ARCH_OS))) # Copy systemd files to a location available for dh_installinit cp $(BUILDDIR)/support-files/mariadb.service debian/mariadb-server-10.3.mariadb.service diff --git a/mysql-test/main/openssl_1.result b/mysql-test/main/openssl_1.result index 3f0483b1e64..96b1895d57b 100644 --- a/mysql-test/main/openssl_1.result +++ b/mysql-test/main/openssl_1.result @@ -4,52 +4,38 @@ drop table if exists t1; create table t1(f1 int); insert into t1 values (5); grant select on test.* to ssl_user1@localhost require SSL; -grant select on test.* to ssl_user2@localhost require cipher "AES256-SHA"; -grant select on test.* to ssl_user3@localhost require cipher "AES256-SHA" AND SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client"; -grant select on test.* to ssl_user4@localhost require cipher "AES256-SHA" AND SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client" ISSUER "/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB"; -grant select on test.* to ssl_user5@localhost require cipher "AES256-SHA" AND SUBJECT "xxx"; +grant select on test.* to ssl_user3@localhost require SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client"; +grant select on test.* to ssl_user4@localhost require SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client" ISSUER "/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB"; +grant select on test.* to ssl_user5@localhost require SUBJECT "xxx"; flush privileges; -connect con1,localhost,ssl_user1,,,,,SSL-CIPHER=AES256-SHA; -connect(localhost,ssl_user2,,test,MASTER_PORT,MASTER_SOCKET); -connect con2,localhost,ssl_user2,,,,,SSL-CIPHER=AES128-SHA; -ERROR 28000: Access denied for user 'ssl_user2'@'localhost' (using password: NO) -connect con2,localhost,ssl_user2,,,,,SSL-CIPHER=AES256-SHA; -connect con3,localhost,ssl_user3,,,,,SSL-CIPHER=AES256-SHA; -connect con4,localhost,ssl_user4,,,,,SSL-CIPHER=AES256-SHA; +connect con1,localhost,ssl_user1,,,,,SSL; +connect con3,localhost,ssl_user3,,,,,SSL; +connect con4,localhost,ssl_user4,,,,,SSL; connect(localhost,ssl_user5,,test,MASTER_PORT,MASTER_SOCKET); -connect con5,localhost,ssl_user5,,,,,SSL-CIPHER=AES256-SHA; +connect con5,localhost,ssl_user5,,,,,SSL; ERROR 28000: Access denied for user 'ssl_user5'@'localhost' (using password: NO) connection con1; -SHOW STATUS LIKE 'Ssl_cipher'; -Variable_name Value -Ssl_cipher AES256-SHA +SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; +have_ssl +1 select * from t1; f1 5 delete from t1; ERROR 42000: DELETE command denied to user 'ssl_user1'@'localhost' for table 't1' -connection con2; -SHOW STATUS LIKE 'Ssl_cipher'; -Variable_name Value -Ssl_cipher AES256-SHA -select * from t1; -f1 -5 -delete from t1; -ERROR 42000: DELETE command denied to user 'ssl_user2'@'localhost' for table 't1' connection con3; -SHOW STATUS LIKE 'Ssl_cipher'; -Variable_name Value -Ssl_cipher AES256-SHA +SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; +have_ssl +1 select * from t1; f1 5 delete from t1; ERROR 42000: DELETE command denied to user 'ssl_user3'@'localhost' for table 't1' connection con4; -SHOW STATUS LIKE 'Ssl_cipher'; -Variable_name Value -Ssl_cipher AES256-SHA +SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; +have_ssl +1 select * from t1; f1 5 @@ -57,20 +43,15 @@ delete from t1; ERROR 42000: DELETE command denied to user 'ssl_user4'@'localhost' for table 't1' connection default; disconnect con1; -disconnect con2; disconnect con3; disconnect con4; -drop user ssl_user1@localhost, ssl_user2@localhost, -ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost; +drop user ssl_user1@localhost, ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost; drop table t1; mysqltest: Could not open connection 'default': 2026 SSL connection error: xxxx mysqltest: Could not open connection 'default': 2026 SSL connection error: xxxx mysqltest: Could not open connection 'default': 2026 SSL connection error: xxxx mysqltest: Could not open connection 'default': 2026 SSL connection error: xxxx mysqltest: Could not open connection 'default': 2026 SSL connection error: xxxx -SHOW STATUS LIKE 'Ssl_cipher'; -Variable_name Value -Ssl_cipher AES256-SHA have_ssl 1 End of 5.0 tests @@ -94,13 +75,7 @@ SSL_ACCEPTS # SSL_CALLBACK_CACHE_HITS # DROP TABLE thread_status; SET GLOBAL event_scheduler=0; -SHOW STATUS LIKE 'Ssl_cipher'; -Variable_name Value -Ssl_cipher AES128-SHA -SHOW STATUS LIKE 'Ssl_cipher'; -Variable_name Value -Ssl_cipher AES128-SHA -mysqltest: Could not open connection 'default': 2026 SSL connection error: xxxxCREATE TABLE t1(a int); +CREATE TABLE t1(a int); INSERT INTO t1 VALUES (1), (2); /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; @@ -204,19 +179,12 @@ UNLOCK TABLES; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; -mysqldump: Got error: 2026: SSL connection error: xxxx +mysqldump: Got error: 2026: "SSL connection error: xxxx DROP TABLE t1; -Variable_name Value -Ssl_cipher AES256-SHA -Variable_name Value -Ssl_cipher AES128-SHA -select 'is still running; no cipher request crashed the server' as result from dual; -result -is still running; no cipher request crashed the server GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509; FLUSH PRIVILEGES; connect con1,localhost,bug42158,,,,,SSL; -SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; +SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; have_ssl 1 disconnect con1; diff --git a/mysql-test/main/openssl_1.test b/mysql-test/main/openssl_1.test index dce4f88b6bb..27eeb0198b1 100644 --- a/mysql-test/main/openssl_1.test +++ b/mysql-test/main/openssl_1.test @@ -19,58 +19,45 @@ create table t1(f1 int); insert into t1 values (5); grant select on test.* to ssl_user1@localhost require SSL; -grant select on test.* to ssl_user2@localhost require cipher "AES256-SHA"; -grant select on test.* to ssl_user3@localhost require cipher "AES256-SHA" AND SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client"; -grant select on test.* to ssl_user4@localhost require cipher "AES256-SHA" AND SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client" ISSUER "/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB"; -grant select on test.* to ssl_user5@localhost require cipher "AES256-SHA" AND SUBJECT "xxx"; +grant select on test.* to ssl_user3@localhost require SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client"; +grant select on test.* to ssl_user4@localhost require SUBJECT "/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client" ISSUER "/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB"; +grant select on test.* to ssl_user5@localhost require SUBJECT "xxx"; flush privileges; -connect (con1,localhost,ssl_user1,,,,,SSL-CIPHER=AES256-SHA); +connect (con1,localhost,ssl_user1,,,,,SSL); --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT ---error ER_ACCESS_DENIED_ERROR -connect (con2,localhost,ssl_user2,,,,,SSL-CIPHER=AES128-SHA); -connect (con2,localhost,ssl_user2,,,,,SSL-CIPHER=AES256-SHA); -connect (con3,localhost,ssl_user3,,,,,SSL-CIPHER=AES256-SHA); -connect (con4,localhost,ssl_user4,,,,,SSL-CIPHER=AES256-SHA); +connect (con3,localhost,ssl_user3,,,,,SSL); +connect (con4,localhost,ssl_user4,,,,,SSL); --replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT --error ER_ACCESS_DENIED_ERROR -connect (con5,localhost,ssl_user5,,,,,SSL-CIPHER=AES256-SHA); +connect (con5,localhost,ssl_user5,,,,,SSL); connection con1; # Check ssl turned on -SHOW STATUS LIKE 'Ssl_cipher'; -select * from t1; ---error ER_TABLEACCESS_DENIED_ERROR -delete from t1; - -connection con2; -# Check ssl turned on -SHOW STATUS LIKE 'Ssl_cipher'; +SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; select * from t1; --error ER_TABLEACCESS_DENIED_ERROR delete from t1; connection con3; # Check ssl turned on -SHOW STATUS LIKE 'Ssl_cipher'; +SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; select * from t1; --error ER_TABLEACCESS_DENIED_ERROR delete from t1; connection con4; # Check ssl turned on -SHOW STATUS LIKE 'Ssl_cipher'; +SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; select * from t1; --error ER_TABLEACCESS_DENIED_ERROR delete from t1; connection default; disconnect con1; -disconnect con2; disconnect con3; disconnect con4; -drop user ssl_user1@localhost, ssl_user2@localhost, -ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost; +drop user ssl_user1@localhost, ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost; drop table t1; @@ -124,21 +111,13 @@ drop table t1; --echo # -# Bug#21611 Slave can't connect when master-ssl-cipher specified -# - Apparently selecting a cipher doesn't work at all -# - Use a cipher that both yaSSL and OpenSSL supports -# ---exec echo "SHOW STATUS LIKE 'Ssl_cipher'; exit;" > $MYSQLTEST_VARDIR/tmp/test.sql ---exec $MYSQL_TEST --ssl-cipher=AES256-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 - -# # Bug#25309 SSL connections without CA certificate broken since MySQL 5.0.23 # # Test that we can open encrypted connection to server without # verification of servers certificate by setting both ca certificate # and ca path to NULL # ---exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'" 2>&1 +--exec $MYSQL --ssl --ssl-key=$MYSQL_TEST_DIR/std_data/client-key.pem --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem -e "SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'" 2>&1 --echo End of 5.0 tests # @@ -180,25 +159,6 @@ DROP TABLE thread_status; SET GLOBAL event_scheduler=0; # -# Test to connect using a list of ciphers -# ---exec echo "SHOW STATUS LIKE 'Ssl_cipher'; exit;" > $MYSQLTEST_VARDIR/tmp/test.sql ---exec $MYSQL_TEST --ssl-cipher=UNKNOWN-CIPHER:AES128-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 - - -# Test to connect using a specifi cipher -# ---exec echo "SHOW STATUS LIKE 'Ssl_cipher'; exit;" > $MYSQLTEST_VARDIR/tmp/test.sql ---exec $MYSQL_TEST --ssl-cipher=AES128-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 - -# Test to connect using an unknown cipher -# ---exec echo "SHOW STATUS LIKE 'Ssl_cipher'; exit" > $MYSQLTEST_VARDIR/tmp/test.sql ---replace_regex /2026 SSL connection error.*/2026 SSL connection error: xxxx/ ---error 1 ---exec $MYSQL_TEST --ssl-cipher=UNKNOWN-CIPHER < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 - -# # Bug#27669 mysqldump: SSL connection error when trying to connect # @@ -214,7 +174,7 @@ INSERT INTO t1 VALUES (1), (2); # With wrong parameters --replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR mysqldump.exe mysqldump ---replace_regex /\"SSL connection error.*/SSL connection error: xxxx/ +--replace_regex /SSL connection error.*/SSL connection error: xxxx/ --error 2 --exec $MYSQL_DUMP --skip-create-options --skip-comments --ssl --ssl-cert=$MYSQL_TEST_DIR/std_data/client-cert.pem test 2>&1 --echo @@ -222,36 +182,13 @@ DROP TABLE t1; --remove_file $MYSQLTEST_VARDIR/tmp/test.sql # -# Bug#39172 Asking for DH+non-RSA key with server set to use other key caused -# YaSSL to crash the server. -# - -# Common ciphers to openssl and yassl ---exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=AES256-SHA ---exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=AES128-SHA ---disable_query_log ---disable_result_log - -# Below here caused crashes. ################ ---error 1,0 ---exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=NOT----EXIST -# These probably exist but the server's keys can't be used to accept these kinds of connections. ---error 1,0 ---exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=AES128-RMD - -# If this gives a result, then the bug is fixed. ---enable_result_log ---enable_query_log -select 'is still running; no cipher request crashed the server' as result from dual; - -# # Bug#42158: leak: SSL_get_peer_certificate() doesn't have matching X509_free() # GRANT SELECT ON test.* TO bug42158@localhost REQUIRE X509; FLUSH PRIVILEGES; connect(con1,localhost,bug42158,,,,,SSL); -SELECT (VARIABLE_VALUE <> '') AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; +SELECT VARIABLE_VALUE <> '' AS have_ssl FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher'; disconnect con1; connection default; DROP USER bug42158@localhost; diff --git a/mysql-test/main/ssl.result b/mysql-test/main/ssl.result index 5de9e5174d8..bd2d650acc5 100644 --- a/mysql-test/main/ssl.result +++ b/mysql-test/main/ssl.result @@ -2175,8 +2175,3 @@ still connected? still connected? connection default; disconnect ssl_con; -create user mysqltest_1@localhost; -grant usage on mysqltest.* to mysqltest_1@localhost require cipher "AES256-SHA"; -Variable_name Value -Ssl_cipher AES256-SHA -drop user mysqltest_1@localhost; diff --git a/mysql-test/main/ssl.test b/mysql-test/main/ssl.test index f2ac288db7a..67db668a1c2 100644 --- a/mysql-test/main/ssl.test +++ b/mysql-test/main/ssl.test @@ -32,10 +32,5 @@ select 'still connected?'; connection default; disconnect ssl_con; -create user mysqltest_1@localhost; -grant usage on mysqltest.* to mysqltest_1@localhost require cipher "AES256-SHA"; ---exec $MYSQL -umysqltest_1 --ssl-cipher=AES256-SHA -e "show status like 'ssl_cipher'" 2>&1 -drop user mysqltest_1@localhost; - # Wait till all disconnects are completed --source include/wait_until_count_sessions.inc diff --git a/mysql-test/main/ssl_cert_verify.test b/mysql-test/main/ssl_cert_verify.test index 83f621b7ca9..51b1612e45b 100644 --- a/mysql-test/main/ssl_cert_verify.test +++ b/mysql-test/main/ssl_cert_verify.test @@ -30,7 +30,7 @@ let $ssl_verify_pass_path = --ssl --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-veri --enable_reconnect --source include/wait_until_connected_again.inc ---replace_result TLSv1.2 TLS_VERSION TLSv1.1 TLS_VERSION TLSv1 TLS_VERSION +--replace_result TLSv1.3 TLS_VERSION TLSv1.2 TLS_VERSION TLSv1.1 TLS_VERSION TLSv1 TLS_VERSION --exec $MYSQL --protocol=tcp --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-verify.pem --ssl-verify-server-cert -e "SHOW STATUS like 'Ssl_version'" --echo # restart server using restart diff --git a/mysql-test/main/ssl_cipher-master.opt b/mysql-test/main/ssl_cipher-master.opt deleted file mode 100644 index d750c46ba5c..00000000000 --- a/mysql-test/main/ssl_cipher-master.opt +++ /dev/null @@ -1 +0,0 @@ ---loose-ssl-cipher=AES128-SHA diff --git a/mysql-test/main/ssl_cipher.result b/mysql-test/main/ssl_cipher.result index 79998dfca80..266c9f9322a 100644 --- a/mysql-test/main/ssl_cipher.result +++ b/mysql-test/main/ssl_cipher.result @@ -1,6 +1,61 @@ -# -# BUG#11760210 - SSL_CIPHER_LIST NOT SET OR RETURNED FOR "SHOW STATUS LIKE 'SSL_CIPHER_LIST'" -# +create user ssl_user1@localhost require SSL; +create user ssl_user2@localhost require cipher 'AES256-SHA'; +create user ssl_user3@localhost require cipher 'AES256-SHA' AND SUBJECT '/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client'; +create user ssl_user4@localhost require cipher 'AES256-SHA' AND SUBJECT '/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client' ISSUER '/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB'; +create user ssl_user5@localhost require cipher 'AES256-SHA' AND SUBJECT 'xxx'; +connect con1,localhost,ssl_user1,,,,,SSL-CIPHER=AES256-SHA; +connect(localhost,ssl_user2,,test,MASTER_PORT,MASTER_SOCKET); +connect con2,localhost,ssl_user2,,,,,SSL-CIPHER=AES128-SHA; +ERROR 28000: Access denied for user 'ssl_user2'@'localhost' (using password: NO) +connect con2,localhost,ssl_user2,,,,,SSL-CIPHER=AES256-SHA; +connect con3,localhost,ssl_user3,,,,,SSL-CIPHER=AES256-SHA; +connect con4,localhost,ssl_user4,,,,,SSL-CIPHER=AES256-SHA; +connect(localhost,ssl_user5,,test,MASTER_PORT,MASTER_SOCKET); +connect con5,localhost,ssl_user5,,,,,SSL-CIPHER=AES256-SHA; +ERROR 28000: Access denied for user 'ssl_user5'@'localhost' (using password: NO) +connection con1; +SHOW STATUS LIKE 'Ssl_cipher'; +Variable_name Value +Ssl_cipher AES256-SHA +disconnect con1; +connection con2; +SHOW STATUS LIKE 'Ssl_cipher'; +Variable_name Value +Ssl_cipher AES256-SHA +disconnect con2; +connection con3; +SHOW STATUS LIKE 'Ssl_cipher'; +Variable_name Value +Ssl_cipher AES256-SHA +disconnect con3; +connection con4; +SHOW STATUS LIKE 'Ssl_cipher'; +Variable_name Value +Ssl_cipher AES256-SHA +disconnect con4; +connection default; +drop user ssl_user1@localhost, ssl_user2@localhost, ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost; +SHOW STATUS LIKE 'Ssl_cipher'; +Variable_name Value +Ssl_cipher AES256-SHA +SHOW STATUS LIKE 'Ssl_cipher'; +Variable_name Value +Ssl_cipher AES128-SHA +SHOW STATUS LIKE 'Ssl_cipher'; +Variable_name Value +Ssl_cipher AES128-SHA +mysqltest: Could not open connection 'default': 2026 SSL connection error: xxxxVariable_name Value +Ssl_cipher AES256-SHA +Variable_name Value +Ssl_cipher AES128-SHA +select 'is still running; no cipher request crashed the server' as result from dual; +result +is still running; no cipher request crashed the server +create user mysqltest_1@localhost; +grant usage on mysqltest.* to mysqltest_1@localhost require cipher "AES256-SHA"; +Variable_name Value +Ssl_cipher AES256-SHA +drop user mysqltest_1@localhost; connect ssl_con,localhost,root,,,,,SSL; SHOW STATUS LIKE 'Ssl_cipher'; Variable_name Value @@ -8,5 +63,5 @@ Ssl_cipher AES128-SHA SHOW STATUS LIKE 'Ssl_cipher_list'; Variable_name Value Ssl_cipher_list AES128-SHA -connection default; disconnect ssl_con; +connection default; diff --git a/mysql-test/main/ssl_cipher.test b/mysql-test/main/ssl_cipher.test index cf249343324..27854654a9f 100644 --- a/mysql-test/main/ssl_cipher.test +++ b/mysql-test/main/ssl_cipher.test @@ -1,23 +1,103 @@ -# Turn on ssl between the client and server -# and run a number of tests +# +# Various tests that require setting of a specific ssl_cipher +# which currently doesn't work in OpenSSL 1.1.1 +# +--source include/have_ssl_communication.inc ---echo # ---echo # BUG#11760210 - SSL_CIPHER_LIST NOT SET OR RETURNED FOR "SHOW STATUS LIKE 'SSL_CIPHER_LIST'" ---echo # +if (`select @@version_ssl_library like 'OpenSSL 1.1.1%'`) { + skip OpenSSL 1.1.1; +} --- source include/have_ssl_communication.inc +create user ssl_user1@localhost require SSL; +create user ssl_user2@localhost require cipher 'AES256-SHA'; +create user ssl_user3@localhost require cipher 'AES256-SHA' AND SUBJECT '/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client'; +create user ssl_user4@localhost require cipher 'AES256-SHA' AND SUBJECT '/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB/CN=client' ISSUER '/CN=cacert/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB'; +create user ssl_user5@localhost require cipher 'AES256-SHA' AND SUBJECT 'xxx'; -# Save the initial number of concurrent sessions ---source include/count_sessions.inc +connect (con1,localhost,ssl_user1,,,,,SSL-CIPHER=AES256-SHA); +--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT +--error ER_ACCESS_DENIED_ERROR +connect (con2,localhost,ssl_user2,,,,,SSL-CIPHER=AES128-SHA); +connect (con2,localhost,ssl_user2,,,,,SSL-CIPHER=AES256-SHA); +connect (con3,localhost,ssl_user3,,,,,SSL-CIPHER=AES256-SHA); +connect (con4,localhost,ssl_user4,,,,,SSL-CIPHER=AES256-SHA); +--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT +--error ER_ACCESS_DENIED_ERROR +connect (con5,localhost,ssl_user5,,,,,SSL-CIPHER=AES256-SHA); -connect (ssl_con,localhost,root,,,,,SSL); +connection con1; +SHOW STATUS LIKE 'Ssl_cipher'; +disconnect con1; +connection con2; +SHOW STATUS LIKE 'Ssl_cipher'; +disconnect con2; +connection con3; +SHOW STATUS LIKE 'Ssl_cipher'; +disconnect con3; +connection con4; +SHOW STATUS LIKE 'Ssl_cipher'; +disconnect con4; +connection default; +drop user ssl_user1@localhost, ssl_user2@localhost, ssl_user3@localhost, ssl_user4@localhost, ssl_user5@localhost; -# Check Cipher Name and Cipher List +# +# Bug#21611 Slave can't connect when master-ssl-cipher specified +# - Apparently selecting a cipher doesn't work at all +# - Use a cipher that both yaSSL and OpenSSL supports +# +--write_file $MYSQLTEST_VARDIR/tmp/test.sql SHOW STATUS LIKE 'Ssl_cipher'; -SHOW STATUS LIKE 'Ssl_cipher_list'; +EOF +--exec $MYSQL_TEST --ssl-cipher=AES256-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 +# Test to connect using a list of ciphers +--exec $MYSQL_TEST --ssl-cipher=UNKNOWN-CIPHER:AES128-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 +# Test to connect using a specifi cipher +--exec $MYSQL_TEST --ssl-cipher=AES128-SHA < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 +# Test to connect using an unknown cipher +--replace_regex /2026 SSL connection error.*/2026 SSL connection error: xxxx/ +--error 1 +--exec $MYSQL_TEST --ssl-cipher=UNKNOWN-CIPHER < $MYSQLTEST_VARDIR/tmp/test.sql 2>&1 +--remove_file $MYSQLTEST_VARDIR/tmp/test.sql -connection default; -disconnect ssl_con; +# +# Bug#39172 Asking for DH+non-RSA key with server set to use other key caused +# YaSSL to crash the server. +# -# Wait till all disconnects are completed ---source include/wait_until_count_sessions.inc +# Common ciphers to openssl and yassl +--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=AES256-SHA +--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl_cipher';" --ssl-cipher=AES128-SHA +--disable_query_log +--disable_result_log + +# Below here caused crashes. ################ +--error 0,1 +--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=NOT----EXIST +# These probably exist but the server's keys can't be used to accept these kinds of connections. +--error 0,1 +--exec $MYSQL --host=localhost -e "SHOW STATUS LIKE 'Ssl-cipher';" --ssl-cipher=AES128-RMD + +# If this gives a result, then the bug is fixed. +--enable_result_log +--enable_query_log +select 'is still running; no cipher request crashed the server' as result from dual; + +# +# MDEV-10054 Secure login fails when CIPHER is required +# +create user mysqltest_1@localhost; +grant usage on mysqltest.* to mysqltest_1@localhost require cipher "AES256-SHA"; +--exec $MYSQL -umysqltest_1 --ssl-cipher=AES256-SHA -e "show status like 'ssl_cipher'" 2>&1 +drop user mysqltest_1@localhost; + +# +# BUG#11760210 - SSL_CIPHER_LIST NOT SET OR RETURNED FOR "SHOW STATUS LIKE 'SSL_CIPHER_LIST'" +# it was a bug in yaSSL, fixed in d2e36e4258bb +# +let $restart_parameters=--ssl-cipher=AES128-SHA; +source include/restart_mysqld.inc; +connect (ssl_con,localhost,root,,,,,SSL); +SHOW STATUS LIKE 'Ssl_cipher'; +SHOW STATUS LIKE 'Ssl_cipher_list'; +disconnect ssl_con; +connection default; diff --git a/mysql-test/suite.pm b/mysql-test/suite.pm index 23c07958841..1c99e1ed645 100644 --- a/mysql-test/suite.pm +++ b/mysql-test/suite.pm @@ -62,9 +62,9 @@ sub skip_combinations { } $skip{'include/check_ipv6.inc'} = 'No IPv6' unless ipv6_ok(); - $skip{'main/openssl_6975.test'} = 'no or too old openssl' + $skip{'main/openssl_6975.test'} = 'no or wrong openssl version' unless $::mysqld_variables{'version-ssl-library'} =~ /OpenSSL (\S+)/ - and $1 ge "1.0.1d"; + and $1 ge "1.0.1d" and $1 lt "1.1.1"; $skip{'main/ssl_7937.combinations'} = [ 'x509v3' ] unless $::mysqld_variables{'version-ssl-library'} =~ /OpenSSL (\S+)/ @@ -74,4 +74,3 @@ sub skip_combinations { } bless { }; - diff --git a/mysql-test/suite/funcs_1/r/is_check_constraint.result b/mysql-test/suite/funcs_1/r/is_check_constraint.result new file mode 100644 index 00000000000..be44a8867e8 --- /dev/null +++ b/mysql-test/suite/funcs_1/r/is_check_constraint.result @@ -0,0 +1,121 @@ +# +# MDEV-17323: Backport INFORMATION_SCHEMA.CHECK_CONSTRAINTS to 10.2 +# +CREATE user boo1; +GRANT select,create,alter,drop on foo.* to boo1; +SHOW GRANTS for boo1; +Grants for boo1@% +GRANT USAGE ON *.* TO 'boo1'@'%' +GRANT SELECT, CREATE, DROP, ALTER ON `foo`.* TO 'boo1'@'%' +CREATE user boo2; +create database foo; +CONNECT con1,localhost, boo1,, foo; +SET check_constraint_checks=1; +CREATE TABLE t0 +( +t int, check (t>32) # table constraint +) ENGINE=myisam; +SELECT * from information_schema.check_constraints; +CONSTRAINT_CATALOG CONSTRAINT_SCHEMA CONSTRAINT_NAME TABLE_NAME CHECK_CLAUSE +def foo CONSTRAINT_1 t0 `t` > 32 +ALTER TABLE t0 +ADD CONSTRAINT CHK_t0_t CHECK(t<100); +SELECT * from information_schema.check_constraints; +CONSTRAINT_CATALOG CONSTRAINT_SCHEMA CONSTRAINT_NAME TABLE_NAME CHECK_CLAUSE +def foo CHK_t0_t t0 `t` < 100 +def foo CONSTRAINT_1 t0 `t` > 32 +ALTER TABLE t0 +DROP CONSTRAINT CHK_t0_t; +SELECT * from information_schema.check_constraints; +CONSTRAINT_CATALOG CONSTRAINT_SCHEMA CONSTRAINT_NAME TABLE_NAME CHECK_CLAUSE +def foo CONSTRAINT_1 t0 `t` > 32 +ALTER TABLE t0 +ADD CONSTRAINT CHECK(t<50); +SELECT * from information_schema.check_constraints; +CONSTRAINT_CATALOG CONSTRAINT_SCHEMA CONSTRAINT_NAME TABLE_NAME CHECK_CLAUSE +def foo CONSTRAINT_1 t0 `t` > 32 +def foo CONSTRAINT_2 t0 `t` < 50 +CREATE TABLE t1 +( t int CHECK(t>2), # field constraint +tt int, +CONSTRAINT CHECK (tt > 32), CONSTRAINT CHECK (tt <50),# autogenerated names table constraints +CONSTRAINT CHK_tt CHECK(tt<100) # named table constraint +) ENGINE=InnoDB; +SELECT * from information_schema.check_constraints; +CONSTRAINT_CATALOG CONSTRAINT_SCHEMA CONSTRAINT_NAME TABLE_NAME CHECK_CLAUSE +def foo CHK_tt t1 `tt` < 100 +def foo CONSTRAINT_1 t0 `t` > 32 +def foo CONSTRAINT_1 t1 `tt` > 32 +def foo CONSTRAINT_2 t0 `t` < 50 +def foo CONSTRAINT_2 t1 `tt` < 50 +def foo t t1 `t` > 2 +ALTER TABLE t1 +DROP CONSTRAINT CHK_tt; +SELECT * from information_schema.check_constraints; +CONSTRAINT_CATALOG CONSTRAINT_SCHEMA CONSTRAINT_NAME TABLE_NAME CHECK_CLAUSE +def foo CONSTRAINT_1 t0 `t` > 32 +def foo CONSTRAINT_1 t1 `tt` > 32 +def foo CONSTRAINT_2 t0 `t` < 50 +def foo CONSTRAINT_2 t1 `tt` < 50 +def foo t t1 `t` > 2 +CREATE TABLE t2 +( +name VARCHAR(30) CHECK(CHAR_LENGTH(name)>2), #field constraint +start_date DATE, +end_date DATE, +CONSTRAINT CHK_dates CHECK(start_date IS NULL) #table constraint +)ENGINE=Innodb; +SELECT * from information_schema.check_constraints; +CONSTRAINT_CATALOG CONSTRAINT_SCHEMA CONSTRAINT_NAME TABLE_NAME CHECK_CLAUSE +def foo CHK_dates t2 `start_date` is null +def foo CONSTRAINT_1 t0 `t` > 32 +def foo CONSTRAINT_1 t1 `tt` > 32 +def foo CONSTRAINT_2 t0 `t` < 50 +def foo CONSTRAINT_2 t1 `tt` < 50 +def foo name t2 char_length(`name`) > 2 +def foo t t1 `t` > 2 +ALTER TABLE t1 +ADD CONSTRAINT CHK_new_ CHECK(t>tt); +SELECT * from information_schema.check_constraints; +CONSTRAINT_CATALOG CONSTRAINT_SCHEMA CONSTRAINT_NAME TABLE_NAME CHECK_CLAUSE +def foo CHK_dates t2 `start_date` is null +def foo CHK_new_ t1 `t` > `tt` +def foo CONSTRAINT_1 t0 `t` > 32 +def foo CONSTRAINT_1 t1 `tt` > 32 +def foo CONSTRAINT_2 t0 `t` < 50 +def foo CONSTRAINT_2 t1 `tt` < 50 +def foo name t2 char_length(`name`) > 2 +def foo t t1 `t` > 2 +CREATE TABLE t3 +( +a int, +b int check (b>0), # field constraint named 'b' +CONSTRAINT b check (b>10) # table constraint +) ENGINE=InnoDB; +SELECT * from information_schema.check_constraints; +CONSTRAINT_CATALOG CONSTRAINT_SCHEMA CONSTRAINT_NAME TABLE_NAME CHECK_CLAUSE +def foo CHK_dates t2 `start_date` is null +def foo CHK_new_ t1 `t` > `tt` +def foo CONSTRAINT_1 t0 `t` > 32 +def foo CONSTRAINT_1 t1 `tt` > 32 +def foo CONSTRAINT_2 t0 `t` < 50 +def foo CONSTRAINT_2 t1 `tt` < 50 +def foo b t3 `b` > 0 +def foo b t3 `b` > 10 +def foo name t2 char_length(`name`) > 2 +def foo t t1 `t` > 2 +disconnect con1; +CONNECT con2, localhost, boo2,, test; +SELECT * from information_schema.check_constraints; +CONSTRAINT_CATALOG CONSTRAINT_SCHEMA CONSTRAINT_NAME TABLE_NAME CHECK_CLAUSE +disconnect con2; +CONNECT con1, localhost, boo1,,foo; +DROP TABLE t0; +DROP TABLE t1; +DROP TABLE t2; +DROP TABLE t3; +DROP DATABASE foo; +disconnect con1; +connection default; +DROP USER boo1; +DROP USER boo2; diff --git a/mysql-test/suite/funcs_1/t/is_check_constraint.test b/mysql-test/suite/funcs_1/t/is_check_constraint.test new file mode 100644 index 00000000000..30a72d02b34 --- /dev/null +++ b/mysql-test/suite/funcs_1/t/is_check_constraint.test @@ -0,0 +1,92 @@ +--source include/have_innodb.inc +--source include/not_embedded.inc +--echo # +--echo # MDEV-17323: Backport INFORMATION_SCHEMA.CHECK_CONSTRAINTS to 10.2 +--echo # +CREATE user boo1; +GRANT select,create,alter,drop on foo.* to boo1; +SHOW GRANTS for boo1; +CREATE user boo2; +create database foo; +# Connect with user boo1 +CONNECT(con1,localhost, boo1,, foo); + +SET check_constraint_checks=1; +CREATE TABLE t0 +( + t int, check (t>32) # table constraint +) ENGINE=myisam; +--sorted_result +SELECT * from information_schema.check_constraints; + +ALTER TABLE t0 +ADD CONSTRAINT CHK_t0_t CHECK(t<100); +--sorted_result +SELECT * from information_schema.check_constraints; + +ALTER TABLE t0 +DROP CONSTRAINT CHK_t0_t; +--sorted_result +SELECT * from information_schema.check_constraints; + +ALTER TABLE t0 +ADD CONSTRAINT CHECK(t<50); +--sorted_result +SELECT * from information_schema.check_constraints; + +CREATE TABLE t1 +( t int CHECK(t>2), # field constraint + tt int, + CONSTRAINT CHECK (tt > 32), CONSTRAINT CHECK (tt <50),# autogenerated names table constraints + CONSTRAINT CHK_tt CHECK(tt<100) # named table constraint +) ENGINE=InnoDB; + --sorted_result +SELECT * from information_schema.check_constraints; + +ALTER TABLE t1 +DROP CONSTRAINT CHK_tt; +--sorted_result +SELECT * from information_schema.check_constraints; + +CREATE TABLE t2 +( +name VARCHAR(30) CHECK(CHAR_LENGTH(name)>2), #field constraint +start_date DATE, +end_date DATE, +CONSTRAINT CHK_dates CHECK(start_date IS NULL) #table constraint +)ENGINE=Innodb; + --sorted_result +SELECT * from information_schema.check_constraints; + +ALTER TABLE t1 +ADD CONSTRAINT CHK_new_ CHECK(t>tt); +--sorted_result +SELECT * from information_schema.check_constraints; + +# Create table with same field and table check constraint name +CREATE TABLE t3 +( +a int, +b int check (b>0), # field constraint named 'b' +CONSTRAINT b check (b>10) # table constraint +) ENGINE=InnoDB; + --sorted_result +SELECT * from information_schema.check_constraints; + +DISCONNECT con1; +CONNECT(con2, localhost, boo2,, test); + --sorted_result +SELECT * from information_schema.check_constraints; + +DISCONNECT con2; +CONNECT(con1, localhost, boo1,,foo); +DROP TABLE t0; +DROP TABLE t1; +DROP TABLE t2; +DROP TABLE t3; +DROP DATABASE foo; + +DISCONNECT con1; +--CONNECTION default +DROP USER boo1; +DROP USER boo2; |